CrowdStrike outage highlights risk of cyber disruptions to supply chains
An estimated 49 million organisations were impacted according to analysis by Interos, demonstrating the vulnerabilities of supply chains to cyber risks
According to analysis by Interos, the CrowdStrike IT outage potentially impacted an estimated 49 million organisations when including Tier Three customers of Crowdstrike and Microsoft.
While Interos found 674,620 direct customers of the two companies at the centre of the crisis, extending this upstream showed how wide the impact of cyber incidents can be and the risks of sudden disruption in interconnected, digitalised supply chains.
While global supply chains were overall able to ride out the impact of the software glitches introduced by the CrowdStrike software with relatively limited impacts, high profile, critical pieces did report disruptions. The research notes that “ports from New York to Los Angeles and Rotterdam reported temporary shutdowns, while air freight suffered the hardest blow, with thousands of flights grounded or delayed.”
They found that the US was the most affected country, with 41% of organisations directly impacted located within the country. Major European countries accounted for the next most significant share of Tier One organisations affected, with 28% of incidents recorded in the UK, Germany, Italy, France, Spain, or The Netherlands.
Rising risks, overconfidence in defences
A 2024 Survey of European supply chain professionals from Reuters Events Supply Chain and Maersk found that cyber security was one of the top five potential disruption they could face across the year, cited by 34% of respondents.
Despite the number of cyber incidents in supply chains and their severity rising in recent years, their remains notable gaps in addressing weaknesses.
Just 34% of US manufacturers have comprehensive System Security Plans (SSPs) in place according to a report from MxD (Manufacturing x Digital), the digital manufacturing institute and the National Center for Cybersecurity in Manufacturing. These are documents that lay out how firms aim to secure systems and data from cyber risks and are frequently required for compliance.
The research noted that the gaps were particularly stark between better resourced, larger companies and smaller manufacturers. While 88% of manufacturers with over 500 employees report a dedicated cybersecurity leader, that falls to 35% of small- and medium-sized manufacturers.
Despite these gaps, 76% of manufacturers said that they are confident that they could respond to an incident.
“We see a sense of overconfidence in our research results, which is concerning given that everyone is at risk, from the largest multinational to small- and medium-sized manufacturers who often lack the proper resources to protect themselves from cyber-attacks," said MxD CEO Berardino Baratta.
However, the report does also note that 82% of manufacturers plan to increase cybersecurity spending over their upcoming budget cycle.